ID CVE-2007-2698
Summary The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information. The vendor has issued product updates to addresses these issues: BEA WebLogic Server patches: http://commerce.bea.com/showallversions.jsp?family=WLS BEA WebLogic Platform patches: http://commerce.bea.com/showallversions.jsp?family=WLP
References
Vulnerable Configurations
  • cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bea BEA07-162.00
osvdb 36071
sectrack 1018057
vupen ADV-2007-1815
xf weblogic-config-information-disclosure(34286)
Last major update 29-07-2017 - 01:31
Published 16-05-2007 - 01:19
Last modified 29-07-2017 - 01:31
Back to Top